Windows Kernel Debbuging: Debug over virtual serial port with WDK 8.1

5
votes

I'm currently having some issues doing kernel debugging of a Windows 7 x64 target from my Windows 8.1 x64 host machine. I'm running Visual Studio 2013 with WDK 8.1 on my host and have provisioned my target machine running in VMWare.

Here are my configurations for the target machine. It was configured by reading mostly from here - http://www.codeproject.com/Tips/545835/Kernel-Mode-Debugging-in-a-VM-using-Visual-Studio :

  • Windows 7 x64
  • Serial port COM2 with VMWare with name \\.\pipe\com2. All proper options in VMWare are checked
  • Debug flag for OS enabled through msconfig. Debug port is COM2 running at 115200 baud.
  • I ran the test target client "WDK Test Target Setup x64-x64_en-us.exe" on the machine before provisioning the computer

I was able to provision the computer properly -- it created the WDK Remove User account. However, I'm running into some issues actually debugging. Below are the steps

  1. Launch the Windows 7 x64 target image in VMWare and wait on the boot menu
  2. In Visual Studio (host machine), go to Debug -> Attach to process -> Select my computer -> Select process "Kernel" -> Attach
  3. In VMWare, press enter to boot Windows
  4. It takes a while, but on my host machine, Visual Studio eventually connects. I can choose to "Break All" and actually use the debugger.

However, I can't seem to connect to the debugger if I don't do it before booting the kernel. And I can only attach once. For example, I can't let Windows initialize to the desktop and then build my driver and begin debugging. The debugger will always hang on "Waiting to reconnect...". The same goes for if I begin debugging on kernel initialization, decide to stop debugging, then try to reconnect or reattach; it will hang on "Waiting to reconnect..." indefinitely as well.

1
windowskernelwindbgwdk
Hello @xtef_ did you fix this? I have similar issueWakan Tanka
Isn't this normal behavior that you can only connect with the kernel during boot?huysentruitw
@WouterHuysentruit I'm not quite sure if this is normal behavior; I've read conflicting information online. If this is normal behavior, then that means I can only debug my driver once before needing to restart the machine? Because that is the case currently. Prior to trying with VS 2013 and WDK, I had used VisualDDK visualddk.sysprogs.org and had been able to load/unload and debug my driver as many times as I wanted to. Currently I can attach once at startup and then never re-attach until a reboot.xtef_
No, you connect with the kernel debugger during boot (otherwise you will keep staring at "Waiting to reconnect..."), later you can stop your driver, update it and start it, while the debugger keeps running. Do note that I always used WinDbg for debugging.huysentruitw
Personally, unless you need a VM for a very good reason i.e. your driver is related to VM development, i'd just buy a second machine and connect via ethernet, which is significantly more reliable than COM/Firewire. There is also this: virtualkd.sysprogs.orgdjgandy

1 Answers

2
votes

Please use WinDbg for kernel debugging. WinDbg comes with the WDK, and it will save you so much trouble vs using VS2013. Check out Setting Up Kernel-Mode Debugging of a Virtual Machine Manually for detail instructions. If you have trouble getting WinDbg to work, I can help you, but I have already gave up on kernel debugging using VS2013.